Seminar on cloud computing buzzword or savior cloud computing challenges security issues
1 / 29

Agenda - PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Seminar on Cloud Computing: Buzzword or Savior ??? Cloud Computing Challenges & Security Issues. Agenda. Cloud Computing Challenges Cloud Security Issues Cloud Security Incidents Statistical analysis of Cloud Sec breaches Cloud Security Controls. Cloud Computing Challenges.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentationdownload


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Seminar on cloud computing buzzword or savior cloud computing challenges security issues

Seminar on Cloud Computing: Buzzword or Savior???Cloud Computing Challenges & Security Issues



Cloud Computing Challenges

Cloud Security Issues

Cloud Security Incidents

Statistical analysis of Cloud Sec breaches

Cloud Security Controls

Cloud computing challenges

Cloud Computing Challenges

  • Despite many opportunities there has been backlash against Cloud computing:

    • Dependence on others and that could possibly limit flexibility and innovation:

      • Monopoly of Bigger Internet companies (google & IBM).

      • Return to the time of mainframe computing ??

    • Security could prove to be a big issue:

      • Safety of out-sourced data

      • Uncertainty in the ownership of data.

Cloud computing challenges1

Cloud Computing Challenges…

  • There are also issues relating to policy and access:

    • If your data is stored abroad whose policy do you adhere to?

    • What happens if the remote server goes down?

    • How will you then access files?

    • There have been cases of users being locked out of accounts and losing access to data.

Cloud computing challenges2

Cloud Computing Challenges





Service Delivery & Billing

Abuse of Cloud Services


Usage Control



Bandwidth Cost


Lack of knowledge &


Shared Technology Issues

Insufficient due diligence

Categorization of cloud challenges

Categorization of Cloud Challenges


Notorious-9 - Cloud Challenges


Notorious-9 - Cloud Challenges..

Security of cloud


Toshiba july 12 2011

Toshiba -- July 12, 2011

Toshiba Database hacked and User accounts leaked by


Amazon july 29 2011

Amazon – July 29, 2011

Amazon Cloud hosts nasty Banking Trojan

Microsoft september 21 2011

Microsoft – September 21, 2011

Microsoft Cloud evaporated by 1 busted file

Service failed for hours

Apple december 22 2011

APPLE – December 22 ,2011

New Phishing attacks target iCloud,

MobileMe users

Cloud security challenges

Cloud Security Challenges

Data Locality






Network Security

Data Confidentiality

Access Control

Data Integrity

Data Security

Audit & Compliance

Frequency of cloud vulnerability incidents

Frequency of Cloud Vulnerability Incidents

Csp breakdown for unknown vulnerability

CSP breakdown for unknown vulnerability

Incidents with un reported causes

Incidents with un-reported causes

Cloud breakdown due to unreported causes

Number of Incidents

Breakdown of cloud provider incidents

Breakdown of Cloud Provider Incidents

Comparison among major cloud vendors

Comparison among major Cloud Vendors

Incidents at amazon over the years

Incidents at Amazon over the years

Cloud sec breach incidents amazon

Cloud Sec Breach Incidents- Amazon

Csa top cloud security threats

CSA Top Cloud Security threats


Cloud Security Threats

  • Abuse and Nefarious Use of Cloud Computing

    • Anyone with a valid credit card can register and abuse the relative anonymity to conduct their malicious activities with relative impunity.

  • Insecure Interfaces and APIs

    • The security and availability of general cloud services is dependent upon the security of SW interfaces and APIs.

  • Malicious Insiders

    • This threat is amplified for consumers of cloud services that are under a single management domain, combined with a lack of transparency.

  • Cloud related Malware

    • Attackers can use cloud-specific malware, such as bugs and Trojans, to either infiltrate or corrupt the network.


Cloud Security Threats-Cont..

  • Account or Service Hijacking

    • Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results.

  • Data Loss or Leakage

    • Due to the increase in number of interactions between risks and challenges which are unique to cloud because of the architectural or operational characteristics of the cloud environment.

  • Hardware Failure

    • Hardware, from switches to servers in data centers, may fail making cloud data inaccessible.


Cloud Security Threats – Cont..

  • Inadequate Infrastructure Design and Planning

    • Providers cannot cater to sudden spikes in demand,

      • Insufficient provisioning of computing resources

      • Poor network design

  • Closure of Cloud service

    • Disputes with the cloud provider or non-profitability of the cloud service leading to data loss unless end-users are legally protected.

  • Natural Disaster

    • Based on the geographical location and the climate, data centers may be exposed to natural disasters which can affect the cloud services

Cloud security controls

Cloud Security Controls

  • Data Governance

  • Labeling & Handling

    • Retention Policy

    • Security Policy

    • Risk Assessment

    • Secure Disposal

    • Information Leakage

  • Compliance

  • Third Party Audits

Cloud security controls1

Cloud Security Controls

  • Information Security

  • Baseline Requirements

  • User Access Policy

  • User Access Reviews

  • Segregation of Duties

  • Encryption & Encryption key management

  • Vulnerability / Patch Management

  • Policy Enforcement

  • User Access Restriction / Authorization

  • User Access Revocation

  • Incident Management

Cloud security controls2

Cloud Security Controls

  • Security Architecture

  • User ID Credentials

  • Network Security

  • Data Security / Integrity

  • Audit Logging / Intrusion Detection

  • Application security

  • Remote user multi-factor authentication

  • Data Governance

  • Ownership / Stewardship

  • Handling / Labeling / Security Policy

  • Information Leakage

Thank you

Thank You

  • Login